Show TOC

Editing Predefined AuthorizationsLocate this document in the navigation structure


You can automatically generate authorizations for a role that you have created. The values for these authorizations are largely predefined by SAP.


If this predefined authorization data does not fulfill your requirements, do not change or delete it the role. Instead, deactivate the unsuitable authorization data. You can then fill in the missing values and, if necessary, add additional authorizations from SAP templates or profiles.


Generating Authorizations

  1. In the role administration tool (transaction PFCG), choose the Authorizations tab page.

    In addition to creation and change information, there is also information there about the authorization profile: the profile name, profile text, and status.

    The status display on the Authorizations tab page, shows whether the associated authorization profile is current. If the display is red or yellow, the profile is not current. The status text on the tab page specifies the reason for this.

  2. To change the predefined and empty authorizations for the role, choose Change Authorization Data or Expert Mode for Profile Generation.

    In expert mode, you can explicitly select the editing option for authorization values. This option is automatically set correctly in normal mode.

  3. Edit the predefined and empty authorization fields of the transactions.

  4. To generate an authorization profile based on this data, choose Generate.

    The authorization profile generated in this way is entered in the user master records of the users of the role when the user master records are compared.

Changing Authorizations

  1. Choose Change Authorization Data.

  2. Edit the organizational levels in the Define Organizational Levels dialog box.


    This dialog box only appears if the selected authorization data contains organizational levels. Examples of organizational levels are plants, company codes, and business areas. Define global values for the role for each organizational level, that is, for each field. You can display and edit existing organization levels using transaction SUPO.

  3. Save your entries.

  4. Check or change the predefined authorizations in the hierarchy display that appears. When doing so, take into account the executions SAP Authorization Concept and Icons and Status Texts in Authorization Administration.

Maintaining Authorization Fields

You can maintain authorization fields using the authorization trace or the system trace. More information: Maintaining Authorization Fields Using Trace Evaluation in Transaction PFCG.